Amidst growing political dissatisfaction, the Russian government is grappling with the apparent vulnerabilities of the country’s internet. On February 1, Dmitry Medvedev, the deputy chairperson of the Security Council of the Russian Federation, acknowledged during an extensive interview with Russian media what foreign analysts have long suspected: disconnecting Russia from the internet is possible (TASS, February 1). And as if to provide a rationale for such potential action, the previous week, the Federal Security Service’s (FSB) National Coordination Center for Computer Incidents (NKTsKI) reported a threat of possible cyberattacks by the United States and its allies against Russia’s critical infrastructure (Interfax, January 22).
Regarding a potential internet shutdown, Medvedev told journalists, “Technologically, everything is ready for this. At the legislative level, all decisions have also been made. But I emphasize once again: this is not easy, and I would really not like it…” More intriguingly, he noted that the authorities have a plan of action in case the situation occurs (TASS, February 1). Medvedev has previously served as prime minister as well as president of the Russian Federation, and he remains especially close to Vladimir Putin; therefore, his remarks can be read as official confirmation of the government’s ability to control the internet if necessary. The NKTsKI’s earlier pronouncement, meanwhile, provides a direct rationale for such possible action.
The Russian population has already had a foretaste of Medvedev’s predictions. In response to demonstrations protesting the government’s actions against opposition leader Alexei Navalny, the Russian authorities, on January 23, began limited “dry-run” internet disruptions in Moscow and St. Petersburg. Internet service provider MTS’s metrics covering the two cities indicate a fall in observed connectivity for roughly six hours during the street rallies (Netblocks.org, January 23).
But for the Russian government, the biggest perceived threat is evidently not indigenous political unrest but rather potential attacks on domestic computer networks from abroad. On January 22, the FSB’s NKTsKI issued an alert on the possibility of cyberattacks against Russia’s critical infrastructure that might be carried out by the US and its Western allies. The agency’s press release stated, “The NKTsKI warns of a threat of targeted computer attacks. Amidst constant accusations of involvement in organizing computer attacks that are leveled against the Russian Federation by representatives of the US and its allies, as well as threats of carrying out ‘retaliatory’ attacks on Russia’s critical information infrastructure coming from their side, the National Coordination Center for Computer Incidents suggests taking measures to improve the security of information resources.” In particular, the NKTsKI proposed measures to boost the security of Russian IT infrastructure, including checking the relevance of current cyber-security incident response plans and instructions, informing staff about possible phishing attacks, auditing network information security and anti-virus software, avoiding third-party Domain Name System (DNS) servers, as well as periodically updating passwords and software (Interfax, January 22).
The NKTsKI’s warning of course conspicuously overlooks and implicitly dismisses Russia’s years-long persistent cyber-intrusions around the world, including against the United States. A month before the 2016 presidential election, the US Department of Homeland Security and Office of the Director of National Intelligence on Election Security famously issued a joint statement declaring the institutions were “confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations” (Dhs.gov, October 7, 2016). And more recently, on January 5, 2021, US intelligence and law enforcement agencies released a joint statement contending Russia had yet again been behind a series of massive cyberattacks against US government agencies, first revealed in December 2020. The multi-agency Cyber Unified Coordination Group (UCG) specified, “This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.” The UCG added that the assault involved “approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product” (Cisa.gov, January 5, 2021).
Closer to home, NKTsKI might concentrate more on indigenous hacking issues rather than discussing potential foreign cyberattacks. On January 27, Olga Baskakova, a project manager at the Coordination Center for .ru and .рф domains, announced that last year more than 400,000 malicious internet domains were identified in Russia, of which more than 17,000 were associated with “phishing” attacks (1prime.ru, January 27). Medvedev’s remarks, however, illustrate his government’s unhappiness with the reality that the US remains preeminent when it comes to control and administration of the internet’s infrastructure: “The internet, as you know, appeared at a certain time, and, of course, the key management rights are in the United States of America” (TASS, February 1).
Given rising national discontent against the Russian government’s increasingly heavy-handed response to its political opposition and overall declining standards of living, it would appear the country’s security services have concluded that taming the internet is a prudent policy to ensure governmental control. And the alleged threat of US interference serves as a convenient excuse for such censorious policies.